CN113726918B - Domain name resolution method based on cloud computing network and related system and device - Google Patents


Publication number: CN113726918B
Authority: CN (China)
Prior art keywords: domain name, vpc, address, accessed, query message
Legal status: Active
Application number: CN202110824843.3A
Other languages: Chinese (zh)
Other versions: CN113726918A (en)
Inventors: 刘晓贺, 雷智鹏, 苏建康, 张亚军
Current Assignee: Huawei Cloud Computing Technologies Co Ltd
Original Assignee: Huawei Cloud Computing Technologies Co Ltd
Application filed by: Huawei Cloud Computing Technologies Co Ltd
Priority to: CN202110824843.3A

Classifications

    • H04L9/40 Network security protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • G06F16/901 Indexing; Data structures therefor; Storage structures
    • H04L61/2521 Translation architectures other than single NAT servers
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5061 Pools of addresses

Abstract

A method, a device and a system for domain name resolution in a data center system. The system comprises at least one physical server, a DNS server and a distributed routing device. At least one virtual machine runs on each physical server, and the virtual machines in the data center system are located in at least two Virtual Private Clouds (VPCs). The same domain name is hosted in the at least two VPCs and points to different services in them. The DNS server establishes a correspondence between the NAT addresses of user virtual machines and VPC identifiers, distinguishes the VPCs where different users are located by the VPC identifier, and then determines the IP address corresponding to the domain name hosted in that VPC.

Description

Domain name resolution method based on cloud computing network and related system and device
Technical Field
The present invention relates to the field of IT technologies, and in particular, to a domain name resolution method based on a cloud computing network, and a related system and device.
Background
The domain name system (DNS) is a system that maps domain names and IP addresses to each other on the Internet. A user accessing the Internet does not need to use the machine-readable IP address directly: the user only needs to enter the host domain name, the DNS performs domain name resolution to obtain the IP address corresponding to the host domain name, and the user can then access that IP address.
A virtual private cloud (VPC) is a custom private network created by a user in a data center network. Two layers of logical isolation are formed between different virtual private clouds. The user can manage the network of their own virtual private cloud, such as network segments, routing table configuration and gateways, and can create and manage cloud product instances in the virtual private cloud.
Because users can configure and manage their VPC networks autonomously, domain names configured by different users in different VPC networks may be duplicated. For example, user A configures the IP address corresponding to domain name www.abc.com in the VPC1 network as 2.2.2.2, and user B configures the IP address corresponding to domain name www.abc.com in the VPC2 network as 3.3.3.3. In this case, because the domain name is duplicated, the DNS server in the data center cannot return the different IP addresses corresponding to the same domain name to the different users when it performs domain name resolution.
Disclosure of Invention
The embodiment of the invention describes a method, a device and a system for domain name resolution in a data center system, and solves the problem that a DNS server cannot resolve domain names accurately when the same domain name is used in different VPCs in the data center system.
In one aspect, an embodiment of the present invention provides a method for performing domain name resolution in a data center system, where the data center system includes at least one physical server, a DNS server, and a distributed routing device, each physical server has at least one virtual machine running thereon, the virtual machines in the data center system are respectively located in at least two VPCs, the at least two VPCs host the same domain name, and the same domain name points to different services in the at least two VPCs, and the method includes:
the DNS server receives a modified DNS query message sent by the distributed routing device, where the source IP address of the modified DNS query message is the NAT address corresponding to the first virtual machine, in a first VPC, that sent the DNS query message, and the modified DNS query message carries the domain name to be accessed by the first virtual machine;
the DNS server determines the identifier of the VPC where the first virtual machine is located according to the correspondence between the NAT address and the VPC identifier;
the DNS server obtains, according to the determined identifier of the VPC, the IP address corresponding to the domain name hosted in the VPC, and returns the obtained IP address to the first physical server.
According to the embodiment of the invention, the correspondence between the NAT address and the VPC identifier is established in the DNS server, and the VPCs where different users are located are distinguished by the VPC identifier, so that the DNS server supports isolation of users in different VPCs and the same domain name is resolved correctly in different VPC networks in the data center.
In one possible implementation, the DNS server reads, from a storage device, the NAT addresses in the NAT address pool allocated to a VPC and records the correspondence between the NAT addresses and the VPC identifier; the storage device records the correspondence between the VPC identifier and the NAT address pool belonging to the VPC.
The correspondence may be recorded in the form of an array. Specifically, the array includes an index and a VPC identifier, where the index is used to uniquely identify a NAT address. The value of the index is the result obtained by performing an AND operation on the NAT address and 100.64.0.0. The index improves query efficiency.
Further, when the DNS server does not find the IP address corresponding to the domain name locally, the DNS server sends a DNS query request to an Internet domain name server outside the data center system, obtains the public network IP address corresponding to the domain name, and returns the public network IP address to the first virtual machine in the first physical server.
In a second aspect, an embodiment of the present invention provides a data center system, where the system includes at least one physical server, a DNS server, and a distributed routing device, each physical server has at least one virtual machine running thereon, the virtual machines in the data center system are respectively located in at least two VPCs, the at least two VPCs have the same domain name hosted therein, the same domain name points to different services in the at least two VPCs,
the first physical server in the data center system is configured to send a domain name system DNS query message sent by a first virtual machine running on the first physical server to the distributed routing device, where a source IP address of the DNS query message is a local area network address of the first virtual machine in a first VPC, and the DNS query message carries a domain name to be accessed by the first virtual machine;
the distributed routing device is configured to receive the DNS query message, modify the source IP address of the DNS query message to the NAT address corresponding to that source IP address, and send the modified DNS query message to the DNS server;
the DNS server is configured to receive the modified DNS query message, determine the identifier of the VPC where the first virtual machine is located according to the correspondence between the NAT address and the VPC identifier, obtain the IP address corresponding to the domain name hosted in the VPC according to the determined identifier of the VPC, and return the obtained IP address to the first physical server;
the first physical server is configured to send an access request sent by the first virtual machine according to the IP address, where the access request is used to access a service pointed by the domain name in the first VPC.
The system further comprises a storage device for recording, when a VPC is created, the NAT address pool belonging to the VPC and the VPC identifier.
In a third aspect, corresponding to the method for domain name resolution in the first aspect, an embodiment of the present invention further provides a DNS server, where the DNS server includes a receiving unit, and a sending unit, where each unit is configured to execute a method step in domain name resolution, to implement domain name resolution.
In one possible design, the DNS server is implemented by a general purpose or special purpose physical server, where the physical server includes a processor, a memory, a system bus, and an input-output interface, where the processor is configured to support the corresponding functions of the DNS server in the system. The input-output interface is used for communicating with other components in the data center system, and the processor executes instructions stored in the memory.
In yet another aspect, an embodiment of the present invention provides a computer storage medium storing computer software instructions for use with the DNS server described above, including a program designed to perform the above aspects.
Drawings
FIG. 1 is a schematic diagram of a data center system according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method for domain name resolution of a data center system according to an embodiment of the present invention;
FIG. 3 is a schematic logic structure diagram of a DNS server according to an embodiment of the present invention;
FIG. 4 is a schematic hardware structure diagram of a DNS server according to an embodiment of the present invention.
Detailed Description
On the Internet, a domain name is unique, and an Internet domain name server (public network DNS server) provides domain name resolution service for Internet users. In a data center network, users can build VPCs and define custom domain names in a VPC. A VPC is a user-defined, logically isolated network space in the data center system with capabilities similar to a traditional network. The user has full control of their own VPC and can perform various operations on it, including defining network segments, allocating IP addresses and formulating routing policies. Thus, the same domain name may be used in different VPC networks to represent different services; that is, domain names may be duplicated within the data center system.
For example, user A establishes VPC1 in the data center system and defines a domain name www.abc.com in VPC1 that points to website A with IP address 2.2.2.2; user B establishes VPC2 in the data center system and defines a domain name www.abc.com in VPC2 that points to website B with IP address 3.3.3.3. The first virtual machine in VPC1 enters the domain name www.abc.com in the browser and initiates a DNS query to a DNS server in the data center system. The DNS server receives the domain name www.abc.com entered by the first virtual machine in VPC1 but cannot determine the VPC corresponding to the domain name www.abc.com, so it cannot resolve the IP address corresponding to the domain name, and the first virtual machine in VPC1 cannot access website A.
To solve the above problem, the embodiments of the present invention provide a method by which a DNS server in a data center system provides domain name resolution service to user virtual machines and resolves the same domain name correctly in different VPC networks. In the embodiment of the invention, a correspondence between the network address translation (NAT) address of the user virtual machine and the VPC identifier is established, the VPCs of different users are distinguished by the VPC identifier, and the IP address corresponding to the domain name hosted in the VPC is then determined, so that the DNS server supports isolation of users in different VPCs and the same domain name is resolved correctly in different VPC networks.
The technical solutions in the embodiments of the present invention will be described below with reference to the accompanying drawings.
FIG. 1 is a schematic structural diagram of a data center system according to an embodiment of the present invention. The data center network includes a DNS server 101, a distributed routing device 102 and a plurality of physical servers 103. Virtual machines (VMs) run on the physical servers 103; the data center system includes at least two VPCs, and each VPC includes at least one virtual machine. Each virtual machine is connected to DNS server 101 through distributed routing device 102, and DNS server 101 provides domain name resolution service for the virtual machines.
Two layers of isolation are arranged between different VPCs, local area network addresses of a plurality of VMs in the same VPC are different, and the plurality of VMs in different VPCs can be configured to be the same local area network address. Illustratively, in VPC1, VM1 has a local area network address of 192.168.10.10 and VM2 has a local area network address of 192.168.10.11; in VPC2, VM3 has a local area network address of 192.168.10.10 and VM4 has a local area network address of 192.168.10.11.
The VMs in the VPC are connected to the distributed routing device 102, each VM being connected to a port of the distributed routing device whose IP address is the NAT address of the VM connected to the port. Illustratively, the IP address of the port of the distributed routing device 102 to which VM1 is connected is 100.64.10.10, the IP address of the port of the distributed routing device 102 to which VM2 is connected is 100.64.10.11, the IP address of the port of the distributed routing device 102 to which VM3 is connected is 100.64.10.10, and the IP address of the port of the distributed routing device 102 to which VM4 is connected is 100.64.10.11.
The data center system further comprises a storage device 104, and when a user creates a VPC in the data center system, the corresponding relation between the NAT address pool allocated to the VPC and the VPC identifier is recorded in the storage device 104. The DNS server 101 may read and record the correspondence between NAT address pools and VPC identifiers from the storage device 104.
The data center system is connected with a public network domain name server 105 through an internet network, and when the DNS server 101 in the data center system cannot inquire an IP address corresponding to a domain name, the DNS server forwards a DNS query message to the public network domain name server, and the public network domain name server provides domain name resolution service.
A VM in a VPC initiates a DNS query message that carries the domain name to be accessed by the VM; the source IP address of the DNS query message is the local area network address of the VM. The distributed routing device 102 receives the DNS query message and modifies the source IP address of the DNS query message to the IP address of the port connected to the VM.
The DNS server can only process the DNS query message, and the DNS query message cannot carry the user's VPC identifier, so the DNS server cannot tell from which VPC the DNS query message was sent. In the cloud computing network, when a message sent by a virtual machine in a VPC undergoes NAT translation, the translated IP address belongs to a fixed IP address pool (for example, the translated IP addresses are all in the range of 100.64.0.0 to 100.127.255.255), and each IP address uniquely belongs to a certain VPC. As shown in FIG. 1, the local area network address of VM1 in VPC1 is 192.168.10.10 and the local area network address of VM2 in VPC1 is 192.168.10.11; after NAT translation, the IP address corresponding to VM1 is 10.64.10.10, and the IP address corresponding to VM2 is 10.64.10.11. In the embodiment of the invention, the DNS server uses the correspondence between the source IP address and the VPC to look up the identifier of the VPC to which the source virtual machine that sent the query message belongs, so that the DNS server can identify the VPC to which the virtual machine belongs.
The DNS server may pre-establish a correspondence between the source IP address and the VPC identifier, for example, where the correspondence is shown in table 1:
TABLE 1
The index is specifically a numerical value obtained by performing AND operation on the NAT address and 10.64.0.0.
Further, when creating the VPC, the user notifies the DNS server to update the correspondence. Specifically, when a user creates a VPC, the cloud computing management system allocates a corresponding NAT address pool for the created VPC, and records the correspondence between the VPC identifier and the NAT address pool in the database. The DNS server may actively read the database, and update the above-mentioned correspondence recorded in the DNS server.
The DNS server may store the above correspondence. Specifically, when the DNS service is started, the DNS server allocates memory for storing the correspondence between the source IP address and the VPC identifier, which may be stored as an array. In one possible implementation, the upper capacity limit of the array may be set to 4 million, i.e., the 4 million IP addresses contained in the 100.64.0.0/10 segment may be stored.
In one possible implementation, the DNS server may further assign a namespace to each VPC and use the VPC identifier as the identifier of the namespace; the namespace records the IP address corresponding to each domain name in the VPC that the namespace corresponds to. When the DNS server receives a query message, it determines the identifier of the VPC where the virtual machine that sent the query message is located according to the source IP address of the query message, finds the corresponding namespace by the determined VPC identifier, and performs domain name resolution in that namespace to determine the IP address corresponding to the domain name to be resolved.
In one embodiment, the DNS server may take the form of a server cluster that provides the domain name resolution service for the data center system. Each virtual machine in the data center system accesses the DNS server cluster through the virtual IP address of the cluster, and after load balancing one DNS server in the cluster is selected to execute the domain name resolution method described in the embodiment of the present invention.
As shown in fig. 2, based on the system structure shown in fig. 1, an embodiment of the present invention provides a method for domain name resolution in a data center system, where the method includes:
Step 201: The user logs in to VM1, which belongs to VPC1, opens a browser on VM1 and enters the domain name to be accessed. VM1 initiates a domain name query and sends a DNS query message to the DNS server, where the DNS query message instructs the DNS server to resolve the domain name to be accessed.
Illustratively, the domain name to be accessed is www.abc.com and the local area network address of VM1 is 192.168.10.11.
Step 202: The distributed routing device receives the DNS query message through the port connected to VM1, performs NAT translation on the DNS query message, and modifies the source IP address of the DNS query message to the corresponding NAT address. The NAT address is the IP address of the port connected to VM1, and the destination address of the DNS query message is the virtual IP address of the DNS server. For example, VM1 corresponds to NAT address 100.64.10.11.
Step 203: The distributed routing device sends the DNS query message to the DNS server.
Step 204: The DNS server receives the DNS query message and determines the identifier of the VPC where VM1 is located according to the correspondence between the NAT address and the VPC identifier.
The DNS server records the correspondence between NAT addresses and VPC identifiers; that is, the DNS server can determine the VPC of the VM that sent the DNS query message according to the NAT address carried in the source address of the DNS query message.
In one embodiment, when a user creates a VPC, the system assigns a pool of NAT addresses to the VPC, and each VM in the VPC is assigned a NAT address in the pool of NAT addresses. After the creation of the VPCs is completed, the DNS server acquires NAT address pools corresponding to each VPC, and records the corresponding relation between NAT addresses and VPC identifiers.
Step 205: The DNS server obtains, according to the determined VPC identifier of VM1, the IP address corresponding to the domain name to be accessed that is carried in the DNS query message.
In one embodiment, the DNS server establishes a domain name resolution table for each VPC, where the domain name resolution table includes a domain name and an IP address corresponding to the domain name. And the DNS server searches a domain name resolution table of the VPC according to the identification of the VPC where the VM1 is located, and acquires an IP address corresponding to the domain name to be accessed.
Furthermore, the DNS server may allocate a namespace to each VPC, where the namespace records the correspondence between a domain name hosted in the VPC and the IP address providing the service to which the domain name points.
Step 205 then specifically includes: the DNS server queries, in the namespace corresponding to the determined VPC identifier, the IP address corresponding to the domain name carried in the DNS query message.
Step 206: The DNS server returns to VM1 the IP address corresponding to the domain name to be accessed in VPC1, which is 2.2.2.2.
The VM1 obtains the IP address corresponding to the domain name to be accessed, and sends an access request, wherein the destination address of the access request is the IP address corresponding to the domain name to be accessed, and the access request is used for accessing the service pointed by the domain name in the first VPC.
It should be noted that, when the domain name to be accessed is not a domain name hosted on a DNS server in the data center network but a public domain name in the internet network, the DNS server cannot query an IP address corresponding to the domain name to be accessed in the VPC1, and step 207 is executed at this time.
Step 207: the DNS server initiates a domain name query request to an internet domain name server.
Step 208: The DNS server receives the IP address corresponding to the domain name to be accessed returned by the Internet domain name server, and returns the received IP address to VM1.
Step 209: VM1 receives the IP address and initiates a service request to the server corresponding to the IP address.
Similar to the above domain name resolution process, when VM2 in VPC2 initiates a DNS query to a DNS server, the DNS server determines, according to the source address carried in the DNS query message, the identifier of the VPC to which the VM2 that issued the DNS query message belongs, and obtains the IP address corresponding to the domain name in that VPC.
In the embodiment of the invention, the correspondence between the NAT address of the user virtual machine and the VPC identifier is established, the VPCs of different users are distinguished by the VPC identifier, and the IP address corresponding to the domain name hosted in the VPC is then determined, so that the DNS server supports isolation of users in different VPCs and the same domain name is resolved correctly in different VPC networks.
Furthermore, the DNS server may allocate different namespaces for different VPCs, and query the IP address corresponding to the domain name in the namespaces corresponding to the VPCs after determining the VPCs of the virtual machines sending the DNS query messages, thereby implementing user isolation.
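The lookup path of steps 204 to 208 (NAT source address to VPC identifier, then the per-VPC namespace, then the public fallback), as an added Python example that is not code from the patent. The pool ranges, class and method names, the stub upstream table and the refusal of sources that map to no VPC are assumptions; the array index is taken here as the address's offset inside 100.64.0.0/10 (address AND the /10 host mask), which is one reading of the AND operation the text describes.

```python
import ipaddress
from array import array

NAT_NET = ipaddress.ip_network("100.64.0.0/10")  # NAT range named on the page
UNASSIGNED = 0                                    # slot value: no VPC owns this address


def _fqdn(name):
    """Normalise a query name so 'WWW.abc.com.' and 'www.abc.com' match."""
    return name.rstrip(".").lower()


class VpcAwareResolver:
    """NAT source address -> VPC identifier -> per-VPC namespace -> answer."""

    def __init__(self, upstream):
        # One 16-bit slot per address in 100.64.0.0/10 (2**22 slots, about 8 MiB).
        self._slots = array("H", [UNASSIGNED]) * NAT_NET.num_addresses
        self._vpc_ids = [None]      # slot value -> VPC identifier
        self._namespaces = {}       # VPC identifier -> {domain: IP address}
        self._upstream = upstream   # callable(domain) -> IP address or None

    @staticmethod
    def nat_index(addr):
        """Array index of a NAT address: its offset inside 100.64.0.0/10."""
        ip = ipaddress.ip_address(addr)          # ValueError on malformed input
        if ip.version != 4 or ip not in NAT_NET:
            raise ValueError(f"{addr} is outside {NAT_NET}")
        return int(ip) & int(NAT_NET.hostmask)   # keep the 22 host bits

    def register_vpc(self, vpc_id, nat_pool, records):
        """Record a VPC's NAT pool and hosted names (done when the VPC is created)."""
        pool = ipaddress.ip_network(nat_pool)
        if pool.version != 4 or not pool.subnet_of(NAT_NET):
            raise ValueError(f"{nat_pool} is not inside {NAT_NET}")
        first = self.nat_index(str(pool.network_address))
        span = range(first, first + pool.num_addresses)
        # An address must map to exactly one VPC, so overlapping pools are rejected.
        if any(self._slots[i] != UNASSIGNED for i in span):
            raise ValueError(f"{nat_pool} overlaps an existing VPC pool")
        self._vpc_ids.append(vpc_id)
        slot = len(self._vpc_ids) - 1
        for i in span:
            self._slots[i] = slot
        self._namespaces[vpc_id] = {_fqdn(n): ip for n, ip in records.items()}

    def vpc_for_source(self, src_ip):
        """Step 204: VPC identifier for a NAT source address, or None."""
        return self._vpc_ids[self._slots[self.nat_index(src_ip)]]

    def resolve(self, src_ip, domain):
        """Steps 204-208. Returns (origin, ip); origin is the VPC identifier,
        'PUBLIC', 'NXDOMAIN' or 'REFUSED'."""
        try:
            vpc_id = self.vpc_for_source(src_ip)
        except ValueError:
            return ("REFUSED", None)     # source is not a NAT address at all
        if vpc_id is None:
            return ("REFUSED", None)     # assumption: fail closed, no namespace guess
        ip = self._namespaces[vpc_id].get(_fqdn(domain))
        if ip is not None:
            return (vpc_id, ip)          # steps 205-206: answer from the VPC namespace
        ip = self._upstream(_fqdn(domain))   # steps 207-208: public fallback
        return ("PUBLIC", ip) if ip else ("NXDOMAIN", None)


def build_demo():
    """Constructed sample data: two VPCs hosting the same name, one public name."""
    public = {"www.example.org": "203.0.113.7"}   # stands in for the Internet DNS
    resolver = VpcAwareResolver(public.get)
    resolver.register_vpc("VPC1", "100.64.10.0/24", {"www.abc.com": "2.2.2.2"})
    resolver.register_vpc("VPC2", "100.64.20.0/24", {"www.abc.com": "3.3.3.3"})
    return resolver


if __name__ == "__main__":
    demo = build_demo()
    for src, name in [("100.64.10.11", "www.abc.com"),
                      ("100.64.20.11", "www.abc.com"),
                      ("100.64.10.11", "www.example.org"),
                      ("100.64.99.1", "www.abc.com")]:
        print(src, name, demo.resolve(src, name))
```

Because the source address is the only tenant discriminator in this design, the isolation holds only if the distributed routing device is the sole path by which packets with a 100.64.0.0/10 source can reach the DNS server.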
As shown in fig. 3, a schematic structural diagram of a DNS server according to an embodiment of the present invention is provided, where the DNS server includes a receiving unit 301, a processing unit 302, and a sending unit 303, and the functional modules 301 to 303 execute each function of the DNS server in the embodiment corresponding to fig. 2, to implement providing domain name resolution service for VM in VPC, specifically,
a receiving unit 301, configured to receive a modified DNS query message sent by a distributed routing device, where a source IP address of the modified DNS query message is a NAT address corresponding to a first virtual machine in a first VPC that sends the DNS query message, and the modified DNS query message carries a domain name to be accessed by the first virtual machine;
the processing unit 302 is configured to determine an identifier of a VPC where the first virtual machine is located according to a correspondence between a NAT address and the VPC identifier, and obtain an IP address corresponding to the domain name hosted in the VPC according to the determined identifier of the VPC;
and the sending unit 303 is configured to return the acquired IP address to the first virtual machine.
The processing unit 302 is specifically configured to read, from the storage device, a NAT address pool of each VPC and an identifier of the VPC corresponding to the NAT address pool, and record a correspondence between the NAT address and the VPC identifier.
The processing unit 302 is specifically configured to build an array, where the array includes an index and a VPC identifier, and the index is used to uniquely identify a NAT address.
The processing unit 302 is specifically configured to allocate a namespace to each VPC, and record, in the namespace, a correspondence between a domain name hosted in the VPC and an IP address providing a service pointed by the domain name;
the processing unit 302 is specifically configured to query, after the receiving unit receives the modified DNS query message, an IP address corresponding to a domain name carried in the DNS query message in a determined namespace corresponding to the VPC identifier.
The sending unit 303 is further configured to send a DNS query request to an internet domain name server outside the data center system when the processing unit does not query the IP address corresponding to the domain name;
the receiving unit 301 is further configured to obtain a public network IP address corresponding to the domain name returned by the internet domain name server;
the sending unit 303 is further configured to return the public network IP address to the first virtual machine.
The DNS server may specifically be a dedicated or general-purpose physical server. FIG. 4 is a schematic block diagram of a DNS server 400 according to an embodiment of the present invention. The DNS server 400 includes a processor and a transceiver, which are coupled to each other; optionally, the server 400 further comprises a memory coupled to the processor, and further optionally, the server 400 comprises a bus system. The processor, memory and transceiver may be connected by the bus system, the memory may be configured to store instructions, and the processor is configured to execute the instructions stored in the memory to control the transceiver to receive information or signals, so that the server 400 performs the functions, acts or processes of the DNS server in the data center system.
The processor in the embodiments of the present invention may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method embodiments may be implemented by integrated logic circuits of hardware in a processor or instructions in software form. The processor may be a general purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), an off-the-shelf programmable gate array (Field Programmable Gate Array, FPGA), or other programmable logic device. The disclosed methods, steps, and logic blocks in the embodiments of the present invention may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present invention may be embodied directly in the execution of a hardware decoding processor, or in the execution of a combination of hardware and software modules in a decoding processor. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method.
The memory or storage device in embodiments of the present invention may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a read-only memory (ROM), a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable PROM (EEPROM), or a flash memory. The volatile memory may be random access memory (RAM), which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), and Direct Rambus RAM (DR RAM). It should be noted that the memory of the systems and methods described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed across a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiment of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The foregoing is merely a specific implementation of the embodiment of the present invention, but the protection scope of the embodiment of the present invention is not limited thereto. Any change or substitution that a person skilled in the art can readily conceive of within the technical scope of the embodiment of the present invention is covered by the protection scope of the embodiment of the present invention. Therefore, the protection scope of the embodiments of the present invention shall be subject to the protection scope of the claims.

Claims (15)

1. A cloud computing network-based data center system, the system comprising a DNS server, a first VPC, a first virtual machine disposed within the first VPC, a second VPC, and a second virtual machine disposed within the second VPC, and a distributed routing device, wherein:
the DNS server is configured to establish a first domain name resolution table for the first VPC, and establish a second domain name resolution table for a second VPC, where the first domain name resolution table includes a first domain name to be accessed and a first IP address of the first domain name to be accessed in the first VPC, and the second domain name resolution table includes the first domain name to be accessed and a second IP address of the first domain name to be accessed in the second VPC;
the first virtual machine is configured to send a first DNS query message to the DNS server, where the first DNS query message carries the first domain name to be accessed and is used to instruct the DNS server to perform domain name resolution on the first domain name to be accessed, and a source IP address of the first DNS query message is a local area network address of the first virtual machine in the first VPC;
the distributed routing device is configured to receive the first DNS query message, modify a source IP address of the first DNS query message to an IP address belonging to the first VPC in an IP address pool, and send the modified first DNS query message to the DNS server;
the DNS server is further configured to receive the first DNS query message, determine the first VPC according to the IP address corresponding to the first VPC, query the first domain name resolution table corresponding to the first VPC according to the first domain name to be accessed carried by the first DNS query message, obtain a first IP address corresponding to the first domain name to be accessed from the first domain name resolution table, and return the first IP address to the first virtual machine;
the second virtual machine is configured to send a second DNS query message to the DNS server, where the second DNS query message carries the first domain name to be accessed and is used to instruct the DNS server to perform domain name resolution on the first domain name to be accessed, and a source IP address of the second DNS query message is a local area network address of the second virtual machine in the second VPC;
the distributed routing device is configured to receive the second DNS query message, modify a source IP address of the second DNS query message to an IP address belonging to a second VPC in the IP address pool, and send the modified second DNS query message to the DNS server;
the DNS server is further configured to receive the second DNS query message, determine the second VPC according to the IP address corresponding to the second VPC, query the second domain name resolution table corresponding to the second VPC according to the first domain name to be accessed carried by the second DNS query message, obtain a second IP address corresponding to the first domain name to be accessed from the second domain name resolution table, and return the second IP address to the second virtual machine.
2. The system of claim 1, wherein:
the DNS server is further configured to receive a second DNS query packet sent by the first virtual machine in the first VPC to the DNS server, where the second DNS query packet carries a second domain name to be accessed and is used to instruct the DNS server to perform domain name resolution on the second domain name to be accessed, where the second domain name to be accessed is different from the first domain name to be accessed;
the DNS server is further configured to query the first domain name resolution table corresponding to the first VPC according to the second domain name to be accessed carried by the second DNS query message, confirm that the second domain name to be accessed is not recorded in the first domain name resolution table, and send the first DNS query message to an internet domain name server connected to the data center system through an internet network.
3. The system of claim 2, wherein the second domain name to be accessed is an internet domain name.
4. The system of claim 2, wherein the system further comprises:
and the DNS server receives the Internet IP address corresponding to the second domain name to be accessed and returned by the Internet domain name server, and returns the received Internet IP address to the first virtual machine.
5. The system of claim 1, further comprising a first physical server, the first virtual machine running on the first physical server, wherein:
the first physical server is configured to send the first DNS query message sent by the first virtual machine to the distributed routing device, where a source IP address of the first DNS query message is a local area network address of the first virtual machine in the first VPC;
the DNS server is configured to receive the modified first DNS query message, determine, according to a correspondence between an IP address of a VPC and a VPC identifier, the identifier of a first VPC where the first virtual machine is located, obtain, according to the determined identifier of the first VPC, the first IP address corresponding to the first domain name to be accessed, which is hosted in the first VPC, and return the obtained first IP address to the first physical server;
the first physical server is configured to send an access request sent by the first virtual machine according to the first IP address, where the access request is used to access a service pointed by the first domain name to be accessed in the first VPC.
6. The system of claim 5, further comprising a storage device,
the storage device is used for recording a NAT address pool of the VPC belonging to the data center system and a VPC identification when the VPC of the data center system is created.
7. The system of claim 6, wherein:
the DNS server is further configured to read, from the storage device, an IP address pool of the VPC of the data center system and an identifier of the VPC corresponding to the IP address pool, and record a correspondence between an IP address of the VPC and the VPC identifier.
8. The system of claim 7, wherein:
the DNS server is further configured to establish an array, where the array includes an index and a VPC identifier, and the index is used to uniquely identify an IP address of a VPC.
9. The system of any one of claims 5-7, wherein,
the DNS server is further configured to allocate a namespace to each VPC of the data center system, and record, in the namespace, a correspondence between a domain name hosted in the VPC of the data center system and an IP address providing a service to which the domain name points;
the DNS server is specifically configured to query, in a determined namespace corresponding to the identifier of the VPC, a first IP address corresponding to the first domain name to be accessed, where the first IP address is carried in the first DNS query message.
10. A method of domain name resolution for a cloud computing network based data center system, the system comprising a DNS server, a first VPC, a first virtual machine disposed within the first VPC, a second VPC, and a second virtual machine disposed within the second VPC, and a distributed routing device, the method comprising:
the DNS server establishes a first domain name resolution table for the first VPC and establishes a second domain name resolution table for a second VPC, wherein the first domain name resolution table comprises a first domain name to be accessed and a first IP address of the first domain name to be accessed in the first VPC, and the second domain name resolution table comprises the first domain name to be accessed and a second IP address of the first domain name to be accessed in the second VPC;
the first virtual machine sends a first DNS query message to the DNS server, wherein the first DNS query message carries the first domain name to be accessed and is used for indicating the DNS server to conduct domain name resolution on the first domain name to be accessed, and the source IP address of the first DNS query message is a local area network address of the first virtual machine in the first VPC;
the distributed routing equipment receives the first DNS query message, modifies the source IP address of the first DNS query message into the IP address belonging to the first VPC in an IP address pool, and sends the modified first DNS query message to the DNS server;
the DNS server receives the first DNS query message, determines the first VPC according to the IP address corresponding to the first VPC, queries the first domain name resolution table corresponding to the first VPC according to the first domain name to be accessed carried by the first DNS query message, acquires a first IP address corresponding to the first domain name to be accessed from the first domain name resolution table, and returns the first IP address to the first virtual machine;
the second virtual machine sends a second DNS query message to the DNS server, wherein the second DNS query message carries the first domain name to be accessed and is used for indicating the DNS server to conduct domain name resolution on the first domain name to be accessed, and the source IP address of the second DNS query message is the local area network address of the second virtual machine in the second VPC;
the distributed routing equipment receives the second DNS query message, modifies the source IP address of the second DNS query message into the IP address belonging to a second VPC in the IP address pool, and sends the modified second DNS query message to the DNS server;
the DNS server receives the second DNS query message, determines the second VPC according to the IP address corresponding to the second VPC, queries the second domain name resolution table corresponding to the second VPC according to the first domain name to be accessed carried by the second DNS query message, acquires a second IP address corresponding to the first domain name to be accessed from the second domain name resolution table, and returns the second IP address to the second virtual machine.
11. The method according to claim 10, wherein the method further comprises:
the DNS server receives a second DNS query message sent to the DNS server by a first virtual machine in the first VPC, wherein the second DNS query message carries a second domain name to be accessed and is used for indicating the DNS server to conduct domain name resolution on the second domain name to be accessed, and the second domain name to be accessed is different from the first domain name to be accessed;
and the DNS server queries the first domain name resolution table corresponding to the first VPC according to the second domain name to be accessed carried by the second DNS query message, confirms that the second domain name to be accessed is not recorded in the first domain name resolution table, and sends the first DNS query message to an Internet domain name server connected with the data center system through an Internet network.
12. The method of claim 11, wherein the second domain name to be accessed is an internet domain name.
13. The method of claim 11, wherein the method further comprises:
and the DNS server receives the Internet IP address corresponding to the second domain name to be accessed and returned by the Internet domain name server, and returns the received Internet IP address to the first virtual machine.
14. A DNS server comprising a processor and a memory, the memory having instructions stored therein, the processor executing the instructions in the memory to cause the DNS server to perform the method of any of claims 10-13.
15. A computer storage medium, characterized in that the storage medium has stored therein a computer program which, when executed by a processor, implements the method of any of claims 10-13.
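The resolution path of claims 1, 8, 9 and 11 (source-address rewrite at the distributed routing device, pool-address-to-VPC lookup through an indexed array, per-VPC resolution table, forwarding of unhosted names), as an added Python example that is not code from the patent or its applicant. The pool base 100.64.0.0, the VPC identifiers, the domain names and addresses, the dictionary standing in for the Internet domain name server, and the REFUSED handling of sources outside the pool are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class DnsQuery:
    src_ip: str   # source address as seen on the wire
    qname: str    # domain name to be accessed

POOL_BASE = ipaddress.ip_address("100.64.0.0")   # constructed NAT pool base
# Constructed allocation: pool addresses recorded for each VPC at creation.
POOL_ALLOCATION = {"vpc-1": ["100.64.0.1", "100.64.0.2"],
                   "vpc-2": ["100.64.0.3"]}

class DistributedRouter:
    """Rewrites the VM's LAN source address to a pool address of its VPC."""
    def __init__(self, allocation):
        self.allocation = allocation

    def snat(self, query, vpc_id):
        # Assumption: the router learns vpc_id from the virtual port the
        # packet arrived on, never from anything the VM puts in the packet.
        return replace(query, src_ip=self.allocation[vpc_id][0])

class VpcAwareDnsServer:
    def __init__(self, pool_base, allocation, namespaces, upstream):
        self.pool_base = int(pool_base)
        offsets = {int(ipaddress.ip_address(a)) - self.pool_base: vpc_id
                   for vpc_id, addrs in allocation.items() for a in addrs}
        # Array of claim 8: index = offset of the pool address, value = VPC id.
        self.vpc_by_index = [None] * (max(offsets) + 1)
        for idx, vpc_id in offsets.items():
            self.vpc_by_index[idx] = vpc_id
        self.namespaces = namespaces   # one resolution table per VPC (claim 9)
        self.upstream = upstream       # stand-in for the Internet DNS server

    def vpc_of(self, src_ip):
        idx = int(ipaddress.ip_address(src_ip)) - self.pool_base
        if 0 <= idx < len(self.vpc_by_index):
            return self.vpc_by_index[idx]
        return None

    def resolve(self, query):
        vpc_id = self.vpc_of(query.src_ip)
        if vpc_id is None:
            # Assumption (not stated in the claims): a source outside the NAT
            # pool maps to no tenant, so no private table is consulted.
            return ("REFUSED", None)
        answer = self.namespaces[vpc_id].get(query.qname)
        if answer is not None:
            return (vpc_id, answer)
        # Name not recorded for this VPC: forward to the Internet DNS server.
        return (vpc_id, self.upstream(query.qname))

# Constructed tables: the same name resolves differently in each VPC.
NAMESPACES = {"vpc-1": {"db.service.example": "192.168.0.10"},
              "vpc-2": {"db.service.example": "192.168.0.20"}}
INTERNET_DNS = {"www.example.com": "203.0.113.7"}.get

router = DistributedRouter(POOL_ALLOCATION)
server = VpcAwareDnsServer(POOL_BASE, POOL_ALLOCATION, NAMESPACES, INTERNET_DNS)

def lookup(vpc_id, qname, lan_ip="192.168.0.5"):
    """One query end to end: VM -> distributed router (SNAT) -> DNS server."""
    return server.resolve(router.snat(DnsQuery(lan_ip, qname), vpc_id))

if __name__ == "__main__":
    for vpc in ("vpc-1", "vpc-2"):
        print(vpc, lookup(vpc, "db.service.example"))
    print(lookup("vpc-1", "www.example.com"))
    print(server.resolve(DnsQuery("192.168.0.5", "db.service.example")))
```

Both virtual machines use the same LAN address 192.168.0.5 here, so the rewritten pool address is the only thing that selects the table; tenant separation therefore depends on the DNS server accepting queries only by way of the distributed routing device.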
CN202110824843.3A 2017-10-11 2017-10-11 Domain name resolution method based on cloud computing network and related system and device Active CN113726918B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110824843.3A CN113726918B (en) 2017-10-11 2017-10-11 Domain name resolution method based on cloud computing network and related system and device

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN202110824843.3A CN113726918B (en) 2017-10-11 2017-10-11 Domain name resolution method based on cloud computing network and related system and device
PCT/CN2017/105686 WO2019071464A1 (en) 2017-10-11 2017-10-11 Method, apparatus and system for domain name resolution in data center system
CN201780095877.5A CN111213348B (en) 2017-10-11 2017-10-11 Method, device and system for domain name resolution in data center system

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201780095877.5A Division CN111213348B (en) 2017-10-11 2017-10-11 Method, device and system for domain name resolution in data center system

Publications (2)

Publication Number Publication Date
CN113726918A CN113726918A (en) 2021-11-30
CN113726918B CN113726918B (en) 2024-01-05

Family

ID=66100305

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202110824843.3A Active CN113726918B (en) 2017-10-11 2017-10-11 Domain name resolution method based on cloud computing network and related system and device
CN201780095877.5A Active CN111213348B (en) 2017-10-11 2017-10-11 Method, device and system for domain name resolution in data center system

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201780095877.5A Active CN111213348B (en) 2017-10-11 2017-10-11 Method, device and system for domain name resolution in data center system

Country Status (2)

Country Link
CN (2) CN113726918B (en)
WO (1) WO2019071464A1 (en)

Also Published As

Publication number Publication date
CN111213348B (en) 2021-07-16
CN111213348A (en) 2020-05-29
CN113726918A (en) 2021-11-30
WO2019071464A1 (en) 2019-04-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
Effective date of registration: 20220218
Address after: 550025 Huawei cloud data center, jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guiyang City, Guizhou Province
Applicant after: Huawei Cloud Computing Technology Co.,Ltd.
Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen
Applicant before: HUAWEI TECHNOLOGIES Co.,Ltd.
GR01 Patent grant